Sustainability


Risk and Crisis Management 

BDMS is committed to managing these challenges to ensure long-term and sustainable business operations, with a focus on the three key pillars of sustainability: Environmental, Social, and Governance (ESG). These elements are fundamental to addressing business challenges, driving sustainable growth, and reinforcing stakeholder and investor confidence across all groups.

BDMS has established a comprehensive risk management framework focusing on 3 key aspects to ensure business resilience and sustainability:

 

  • Established a clear governance structure to ensure swift, efficient and timely risk management.
  • Developed a comprehensive risk management process by integrating multidisciplinary personnel across its operations.
  • Committed to fostering a strong safety culture among all stakeholders, including employees, healthcare professionals, patients, and partners, to minimize and prevent potential risks.

 

Risk Governance 

The Company acknowledges the significance of risk management as an essential element of good corporate governance. Accordingly, the Company has defined clear roles and responsibilities for Enterprise Risk Management at both board oversight and operational levels. The Board of Directors has appointed the Risk Management Committee to scrutinize the Company’s risk management policy and directions, as well as to monitor and follow up on compliance with the risk management policy and procedures. At the operational level, the Company follows the 'Three Lines of Defense' principle for risk management roles and responsibilities, as follows:

Risk Governance Framework 

Dedicated committee and roles 

Roles and responsibilities 

Board Oversight 

Board of Directors

  • Oversee the internal control system and inspect suitable risk management procedures.
  • Establish an efficient internal control system and audit system for the purpose of audit as well as supervise the operation and coordinate with the Audit Committee.

Risk Management Committee

  • Oversee the Company’s risk management policy and provide directions, as well as monitor and follow up on compliance with the risk management policy and procedures.

1st Line of Defense

Front-line employees as risk owners, such as Risk Manager and Patient Safety Coordinator

  • Plan and manage work in accordance with set guidelines and within budget framework. 
  • Collect data on high-severity risk incidents and complaints that may impact the company’s reputation. 
  • Coordinate with network hospitals, experts, and relevant stakeholders to convene meetings to review potential risks or incidents, determine facts within specified timelines, and summarize key risk findings.
  • Assess, review and correlate investigative evidence with relevant laws and regulations to plan preventive measures and corrections.
  • Report to superiors in the chain of command. 
2nd Line of Defense 

Chief Administrative Officer and Enterprise Risk Management Steering Committee 

  • Evaluate all organizational risk areas within the BDMS domain, considering both internal and external factors.
  • Prioritize those exposures to develop an effective risk management framework.
  • Develop and promote risk management policies, plans, and guidelines organization-wide.
  • Organize regular meetings to monitor progress and resolve issues quarterly or more frequently as needed.
  • Report implementation progress to the Risk Management Committee and BDMS Policy and Strategy Planning Working Team quarterly.

3rd Line of Defense

Internal Audit Director and Internal Audit Unit

  • Systematically monitor business practices, ensuring strict compliance with internal controls, legal disclosure requirements, and assessing risk management for the Company’s business and finances. 
  • Plan the Company's annual audit and internal audit activities. 
  • Review internal investigation evidence for suspected fraud, irregularities, or significant control system defects, and report findings to the Board of Directors for consideration. 
  • Ensure that the Company has established suitable risk management and control systems that encompass the entire organization, and suggest appropriate and efficient management of risks associated with the Company’s business operations. 


BDMS operates in line with the Risk Management Policy, under which the Board of Directors appoints the Enterprise Risk Management Steering Committee, comprising independent representatives from relevant departments as members of the Committee. Their responsibilities are to review and screen the risk management policy and guidelines in business operation, starting from risk identification and assessment, guideline establishment and integrated management throughout every organizational activity. The risk management performance is reported quarterly to the Risk Management Committee. Simultaneously, any emerging risks related to the medical service business in line with global trends, population structure and business operation technologies must also be assessed.

Furthermore, BDMS emphasizes a proactive risk management approach and encourages procedures for searching out incidents that may incur risks and preventing them from affecting any patients. In addition, BDMS encourages all employees, medical doctors, nurses and multidisciplinary professionals, including employees of the hospitals and of the business groups, to collaboratively participate in quality activities to consistently improve medical treatment processes and deliver the utmost safety to all patients, taking into consideration environmental, social and governance sustainability.

In 2023, BDMS also emphasized the safety of surgical and obstetric patients to ensure the quality management and development of care for pregnant women and obstetric patients in line with the standards of the company groups, while taking into consideration the utmost safety of all patients. Consequently, BDMS reconsidered the “BDMS Safe pregnancy and Delivery Working Committee” and appointed the OB and GYN Safety Working Team as the “BDMS Safe pregnancy and Delivery OB and GYN Working Committee”, with the responsibility to determine treatment guidelines for pregnant women and child delivery, obstetrics and gynecology, including improvement of quality, knowledge, capabilities and skills in patient care, as well as to improve the operating results for mothers and newborns according to international standards.

Effective risk management is key to supporting the long-term operation plan and the organization’s flexibility. Owing to current risks and potential risks in the future, BDMS realizes the significance of risk management and takes into consideration 3 aspects of sustainability: namely, environmental, social and governance (ESG). These three aspects are deemed crucial components of good corporate governance and a key mechanism of any decision making and operation plans to minimize business risks. The process also helps lessen obstacles and unpredictable factors in terms of profits and operation while building trust among investors and every stakeholder group.

BDMS Risk Management Strategy 



BDMS integrates key information and essential aspects of corporate risk management to identify critical business risks while assessing their short, medium, and long-term impact.  

 

BDMS Categorization of 9 Major Corporate Risks 

1. Strategic Risk

Risks from misaligned corporate strategy, action plans, or improper implementation affecting revenue, funding, business performance, and continuity. BDMS mitigates this through market analysis, adaptive strategies, and continuous evaluation to ensure sustainable growth. 

2. Financial Risk

Risks arising from financial and accounting management, including currency fluctuations, interest rates, liquidity issues, and other accounting risks. BDMS mitigates these risks through robust financial planning, risk assessments, and adaptive financial strategies to ensure stability and sustainable growth. 

3. Clinical and Patient Safety Risk

Risks that may impact patient safety during medical services, diagnosis, and treatment processes. BDMS mitigates these risks through strict adherence to medical standards, continuous staff training, advanced technology integration, and rigorous quality control measures to ensure safe and effective patient care. 

4. Operational, Nonclinical, Physical Hazard, Environmental, and Disaster Risk

Risks that may cause losses or adverse events unrelated to patient care, including environmental factors, equipment failures, and internal operational issues such as human errors, system malfunctions, and process failures. Additionally, external threats like natural disasters or unforeseen incidents pose potential disruptions. BDMS mitigates these risks through strict operational protocols, continuous staff training, risk assessments, and emergency preparedness plans, ensuring efficiency, safety, and business continuity. 

5. Environmental, Social, and Governance (ESG) Risk

Risks arising from environmental, social, and governance (ESG) factors that may impact business operations and long-term corporate sustainability. BDMS mitigates these risks through sustainable resource management, ethical business practices, regulatory compliance, and proactive stakeholder engagement, ensuring resilience and responsible growth. 

6. Human Capital Risk

Risks related to labor shortages, including recruitment challenges, employee retention, skills development, and compensation management. BDMS mitigates these risks through strategic workforce planning, competitive benefits, continuous training programs, and employee engagement initiatives to ensure a skilled, motivated, and sustainable workforce. 

7. Legal and Regulatory Risk

Risks arising from non-compliance with regulations, procedures, rules, and policies, which may lead to legal, financial, or reputational damage. BDMS mitigates these risks through strict regulatory adherence, continuous monitoring, employee training, and robust governance frameworks to ensure compliance and corporate integrity. 

8. Reputation Risk

Risks that may harm the corporate image, especially when negative information spreads through various communication channels, including protests, critiques, or public scrutiny. Such risks can lead to diminished customer trust, negative public perception, and loss of investor confidence. BDMS mitigates these risks through proactive communication strategies, strong stakeholder engagement, crisis management planning, and continuous brand reputation monitoring to uphold public trust and corporate credibility. 

9. Technology Risk

Risks associated with the use of information technology in business operations, including threats to confidentiality, integrity, and availability (CIA) of data and systems. These risks may result from cyber threats, security vulnerabilities, and system failures, potentially disrupting business operations. BDMS mitigates these risks through robust cybersecurity measures, data protection policies, continuous system monitoring, and IT infrastructure enhancements to ensure secure and resilient digital operations. 

Risk Management Processes 

BDMS established Core System Risk Assessment and Hazard Vulnerability Analysis as guidelines for risk management on clinical risks and risks related to core systems in hospitals. Risk management procedures are briefly described as follows.

1. Risk Identification  

The department head and the committee responsible for critical systems are responsible for reviewing the working process, risks and factors from the occurrence or incidence reports of past years, statistical indicators and experience from external parties to determine potential impacts.

Risk factors are identified based on past internal and external events. The data sources are updates to laws and regulations, occurrence reports and peer review.

2. Risk Assessment covers 2 factors

  • Likelihood assessment: assess the potential and frequency of impact occurrence
  • Impact assessment: assess quantitative and qualitative impact in various aspects, such as compliance with laws and regulations, safety, financial, strategic, operational and reputation

3. Risk Scoring and Risk Prioritization 

Risk Scoring or Risk Prioritization is considered based on levels of likelihood and levels of impact. Risk scoring is illustrated as 5 risk levels with definitions, with a maximum score of 25 points.

 

BDMS Occurrence Reporting 

BDMS sets forth the occurrence reporting system for employees and related internal and external personnel in case of any risks or incidents in the business operations. All personnel have the responsibility to manage such incidents in a timely manner and must report the incident through the specified channels, both online and regular, within 8 hours after such incident takes place, with the aim of investigation and data analysis on the impact level. The impacts can be categorized into clinical aspects and other aspects as follows:

Each impact level results in different internal investigation methods. The occurrence will be reported to the executives on a monthly and quarterly basis. 

The risk appetite is at the Low to Medium level only (a risk score below or equal to 0 is acceptable and depends on hospitals' aspects).


Audit of the risk management process 

Internal Audit 

The Audit Committee has roles and responsibilities, including ensuring that the Company has established suitable risk management and control systems that encompass the entire organization and suggesting appropriate and efficient management of risks associated with the Company’s business operations. The Audit Committee has assigned the internal audit team to set the plan for the Company's annual audit. BDMS’s internal audit process is in accordance with the International Professional Practices Framework (IPPF) by the Institute of Internal Auditors. The internal audit plan covers reviewing the effectiveness of controls, including IT reliance processes and non-IT reliance processes of hospitals in BDMS groups and its subsidiaries. The project-based internal audit includes reviewing the effectiveness of the risk management process to assess control effectiveness and mitigation measures. The internal audit is conducted to check alignment with regulatory requirements and relevant external and international standards, such as IT Risk Management under ISO 27001, and requirements based on the Personal Data Protection Act 2012.

In 2024, the internal audit team conducted an assessment of the effectiveness of the control environment in several areas of BDMS’s operational modules. For example, in terms of non-IT-related modules, internal audits were performed to assess the appropriateness of controls in the maintenance process of medical equipment, budget management, revenue recognition, cash receipts, and cash disbursements in the Finance & Accounting department and Human Resource management. For IT-related modules, internal audits were conducted to ensure compliance with BDMS's Information Security Basic Requirements for the 17 actions taken covering information security management and data privacy management, as announced by the Information Security Management Committee (ISMC).  
 

The internal audit process, which covers the risk management process, is demonstrated below:


External Audit 

BDMS has engaged third-party auditors to assist with audit procedures on the Risk Management process related to documented policies, procedures relevant to system/data access and the effectiveness of Information Technology operation systems and controls related to the Company’s information system and internal accounting control systems.

 

For more details, please refer to 

> Risk Response, Monitoring and Reporting Guidelines 

> Our Commitment to Maintaining Resilience against Risks and Change 

 

Risk Culture  

Regular risk management education for all non-executive directors 

The BDMS Board of Directors has attended the Risk Management Program for Corporate Leadership arranged by the Thai Institute of Directors (IOD). The program is designed for Boards of Directors, Risk Committees and C-Suites to understand their roles in overseeing different types of risks, which also include risks arising from opportunity management and business crises. The program reflects the perspectives of corporate leaders who are responsible for supervising and monitoring the work of executives who directly manage the risks.

 

Integration of Risk Culture across organization on risk management principles 

BDMS fosters a culture of accountability and proactive risk management, empowering employees to identify and address risks in alignment with the company's objectives. Several trainings and activities to increase awareness of risk management are provided to employees as follows:

 

Safety Culture 

BDMS Enterprise Risk Establishment Workshop 

BDMS Quality Management, in collaboration with Deloitte Touche Tohmatsu Jaiyos Co., Ltd., organized the BDMS Enterprise Risk Establishment Workshop with participation from over 120 attendees. The workshop’s primary target group included senior executives (Chief Executive Officers from all hospital groups and business units) as well as leaders responsible for each risk domain. The session covered seven key risk domains, namely: Strategic Risk, Financial Risk, Clinical and Patient Safety Risk, Non-Clinical / Operational Risk, Human Capital Risk, Legal / Regulatory / Reputation Risk and Technology Risk. The objective was to collectively identify BDMS’s enterprise-wide risks, prioritize them based on impact and likelihood, review current control measures, and develop appropriate mitigation plans along with defining Key Risk Indicators (KRIs) to enable effective monitoring and follow-up. This initiative reflects BDMS’s commitment to embedding comprehensive risk management across all levels of the organization, strengthening operational resilience, and reinforcing its foundation for sustainable healthcare excellence.

 


 

Enterprise Risk Management Training 

On Tuesday, February 25, 2025, the Medical Quality Department of Bangkok Dusit Medical Services Public Company Limited (BDMS) organized a training session on Enterprise Risk Management (ERM) for employees at all levels across the organization. The objective was to enhance understanding of the corporate risk policy framework and increase awareness of BDMS’s key risk areas across various domains. The training was conducted online and was attended by over 1,000 employees from hospitals across the BDMS network. 

This initiative reflects BDMS’s commitment to fostering a risk-aware culture, empowering staff with the knowledge to support proactive and effective risk management organization-wide. 

 


 

BDMS Information Security Awareness Training 2025 

BDMS is committed to fostering a culture of awareness and promoting a clear understanding of information security and responsible use of information technology across the organization. To support this objective, BDMS launched the BDMS Information Security Awareness Training 2025, targeting all employees from executive level to operational staff across the BDMS network. Executives and employees can register for the course through the BDMS People Connect system under Course ID 30484, which includes two key modules: Information Security and Information Privacy. Participants are encouraged to complete the training and knowledge assessment during the period of February 7 to March 7, 2025. This initiative reinforces BDMS’s commitment to safeguarding digital assets and ensuring data protection practices are consistently applied throughout the organization. 


 

Mandatory risk management training  

BDMS has implemented a policy to establish risk management training as mandatory for all employees. BDMS recognizes that the risk of clinical lawsuits is often attributed to miscommunication between healthcare providers and patients. Doctors and dentists are required to attend the BDMS Mandatory Courses, a total of 5 courses, as follows:

  • BDMS Bylaws 
  • Code of Behavior 
  • Informed Consent 
  • Legal Issues in Insured Patient Administration for Physicians 
  • BDMS PDPA Awareness Training for BDMS Physicians 

These courses encompass the Code of Conduct and good practices for doctors and dentists, including PDPA, informed consent, and other relevant laws to ensure doctors’ awareness of insured patients as well as to communicate and foster an understanding of correct medical practices which shall be in line with BDMS Bylaws. These 5 courses are mandatory for all BDMS doctors and dentists to attend via the BDMS MSO Training. In 2024, BDMS mandates 100% completion of online mandatory training for all doctors and dentists.

 

Risk Management Process in BDMS New Product and Service Development Process  

BDMS evaluates and assesses the potential risks and issues in the new product and service development process using Failure Mode and Effects Analysis (FMEA). The analysis commences from the fundamentals of the process operated by the personnel in related fields. The representatives of the Quality Centre are responsible for efficiently analyzing the potential defaults and impact as well as monitoring the outcome for at least 4 consecutive months. The report must be submitted quarterly to the related Committee with the following steps:

Financial incentives which incorporate risk management metrics   

BDMS has integrated risk management metrics into employees' performance evaluations, extending from operational staff to executive leadership. This strategic integration ensures that risk awareness and mitigation efforts permeate throughout the organization. The KPIs for the CEO and Hospital Directors rely on Risk Management. The financial incentive is provided to Executives in relation to achievement of risk performance indicators, including Cost of Poor Quality, Achievement of Sentinel Event Management, and Achievement of Utilization Management (UM) Indicators.